Continual installing different and new programs.


  • This topic is locked
21 replies to this topic

#1 Gemma*


Posted 23 September 2015 - 04:16 AM

Hi, recently I wanted to download something from uTorrent. I clicked install, run. Shortly after, I clicked cancel but it didn't work. Next, programs I didn't approve were installed one by one. I restarted the PC, turned off the wifi and opened the control panel. I uninstalled all these programs. After that I installed ComboFix and scanned my computer. After all this, the programs stopped installing. But today I wanted to download the game Papers Please. I downloaded it and tried to install it but I couldn't. The computer is giving the same error. Programs I didn't approve were installed again. I repeated what I did before: uninstalled the strange programs and scanned the computer with ComboFix.

 

What should I do? :idea:

 

This is today's ComboFix log:

Attached File  23.09.15 comofix log.txt   29.15KB   2 downloads




 


#2 xXToffeeXx



  • Malware Response Instructor

Posted 23 September 2015 - 09:57 AM

Greetings and :welcome: to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now :thumbup2:

==========================
 
Hi Gemma*,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 Gemma*


Posted 23 September 2015 - 12:38 PM

Thank you for answering. *-*

I uploaded what you wanted.

 

Attached File  FRST.txt   254.68KB   3 downloads

 

Attached File  Addition.txt   24.33KB   3 downloads


Edited by Gemma*, 23 September 2015 - 12:43 PM.


#4 xXToffeeXx


Posted 24 September 2015 - 10:59 AM

Hi Gemma*,
 
We need to remove programs using "Programs and Features"

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

McAfee Security Scan Plus

Additional instructions can be found here if needed.
 
--------------
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
HKLM\...\Run: [gpuminer] => C:\Users\Zeynep\AppData\Roaming\cpuminer\sgminer\start.cmd [214 2015-08-21] ()
HKLM\...\Run: [cpuminer] => C:\Windows\system32\cpm.exe [1423640 2015-09-18] ()
C:\Users\Zeynep\AppData\Roaming\cpuminer
C:\Windows\system32\cpm.exe
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2726754244-3849916721-1666984765-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

xXToffeeXx~




#5 Gemma*


Posted 24 September 2015 - 12:52 PM

Hello again. *-* And thank you again. :rolleyes:

 

Here is the Fixlog:

Attached File  Fixlog.txt   1.56KB   2 downloads

 

I did what you said. I clicked Run as administrator but there is no Report button. I tried twice. There is a log file button. I opened C:\AdwCleaner. These are the files in the AdwCleaner folder:

 

Attached File  AdwCleanerS1.txt   2.14KB   1 downloads

Attached File  AdwCleanerS2.txt   2.24KB   0 downloads

 

There is no program name that I know should not be removed.



#6 xXToffeeXx


Posted 24 September 2015 - 01:07 PM

Hi Gemma*,
 
Double click on AdwCleaner.exe to run the tool again.

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------
 

Please re-run FRST from the desktop (like you did before), put a check into the box next to Addition.txt and press the scan button. It will produce FRST.txt and Addition.txt logs located on the desktop. Please copy and paste the logs into your next reply.
 
xXToffeeXx~




#7 Gemma*


Posted 24 September 2015 - 04:00 PM

Hi :hello:

 

Attached File  AdwCleanerC1.txt   2.52KB   1 downloads

 

Attached File  FRST.txt   260.27KB   0 downloads

Attached File  Addition.txt   24.79KB   0 downloads

 

Ummm... How do I say this? I did something idiotic. I assumed my first downloaded file was a virus and the Papers Please game's setup file was clean. But as far as I understand, this is not what I thought. I thought my computer was cleaned, so I could set up my Papers Please game and play it. When I clicked the setup button, the same thing happened. :smash: :mellow: And the programs didn't stop installing. I had to scan my PC with ComboFix again. It stopped.

 

This is the ComboFix report:

Attached File  ComboFix.txt   30.79KB   2 downloads

 

These are the FRST reports from after the ComboFix scan:

Attached File  Addition.txt   23.92KB   1 downloads

Attached File  FRST.txt   259.13KB   2 downloads

 

Should I repeat all these steps again from the beginning? :unsure:

 

 

 


Edited by Gemma*, 24 September 2015 - 06:14 PM.


#8 xXToffeeXx


Posted 25 September 2015 - 10:36 AM

Hi Gemma*,
 
Please do not run or install anything else, as this makes my job harder. I will let you know when you are clean.
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
() C:\Program Files (x86)\RayDld\ihpmServer.exe
(WS) C:\Program Files (x86)\WordShark_1.10.0.20\Service\wssvc.exe
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
C:\Program Files\SpaceSoundPro
HKLM\...\Run: [gpuminer] => C:\Users\Zeynep\AppData\Roaming\cpuminer\sgminer\start.cmd [214 2015-08-21] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2726754244-3849916721-1666984765-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1443132322&z=a13558c4727d16568def915g8zaz6c2gcccobc2oeo&from=amt&uid=hgstxhts541010a9e680_jd1008cc1wntnv1wntnvx
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1443132322&z=a13558c4727d16568def915g8zaz6c2gcccobc2oeo&from=amt&uid=hgstxhts541010a9e680_jd1008cc1wntnv1wntnvx
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1443132322&z=a13558c4727d16568def915g8zaz6c2gcccobc2oeo&from=amt&uid=hgstxhts541010a9e680_jd1008cc1wntnv1wntnvx&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1443132322&z=a13558c4727d16568def915g8zaz6c2gcccobc2oeo&from=amt&uid=hgstxhts541010a9e680_jd1008cc1wntnv1wntnvx
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1443132322&z=a13558c4727d16568def915g8zaz6c2gcccobc2oeo&from=amt&uid=hgstxhts541010a9e680_jd1008cc1wntnv1wntnvx&q={searchTerms}
HKU\S-1-5-21-2726754244-3849916721-1666984765-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1443132322&z=a13558c4727d16568def915g8zaz6c2gcccobc2oeo&from=amt&uid=hgstxhts541010a9e680_jd1008cc1wntnv1wntnvx
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1443132322&z=a13558c4727d16568def915g8zaz6c2gcccobc2oeo&from=amt&uid=hgstxhts541010a9e680_jd1008cc1wntnv1wntnvx&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1443132322&z=a13558c4727d16568def915g8zaz6c2gcccobc2oeo&from=amt&uid=hgstxhts541010a9e680_jd1008cc1wntnv1wntnvx&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1443132322&z=a13558c4727d16568def915g8zaz6c2gcccobc2oeo&from=amt&uid=hgstxhts541010a9e680_jd1008cc1wntnv1wntnvx&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1443132322&z=a13558c4727d16568def915g8zaz6c2gcccobc2oeo&from=amt&uid=hgstxhts541010a9e680_jd1008cc1wntnv1wntnvx&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2726754244-3849916721-1666984765-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1443132322&z=a13558c4727d16568def915g8zaz6c2gcccobc2oeo&from=amt&uid=hgstxhts541010a9e680_jd1008cc1wntnv1wntnvx&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2726754244-3849916721-1666984765-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1443132322&z=a13558c4727d16568def915g8zaz6c2gcccobc2oeo&from=amt&uid=hgstxhts541010a9e680_jd1008cc1wntnv1wntnvx&q={searchTerms}
FF Homepage: hxxp://www.mystartsearch.com/?type=hp&ts=1443134241&z=b7a82d52537f2febdc45e18g9z2zcc9gfcez4e7w3t&from=cmi&uid=HGSTXHTS541010A9E680_JD1008CC1WNTNV1WNTNVX
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Zeynep\AppData\Roaming\Mozilla\Firefox\Profiles\u2k36kim.default\extensions\deskCutv2@gmail.com
S2 gyvixodu; C:\Program Files (x86)\DBD75D78-1443132373-E411-A26A-D0BF9C636213\hnsyD7E9.tmp [203776 2015-09-25] () [File not signed]
R2 ihpmServer; C:\Program Files (x86)\RayDld\ihpmServer.exe [268520 2015-09-09] ()
S2 lehicewu; C:\Program Files (x86)\DBD75D78-1443132373-E411-A26A-D0BF9C636213\jnseC12D.tmp [181760 2015-09-25] () [File not signed]
R2 wssvc_1.10.0.20; C:\Program Files (x86)\WordShark_1.10.0.20\Service\wssvc.exe [300120 2015-07-06] (WS)
S2 rysihumi; C:\Program Files (x86)\DBD75D78-1443132373-E411-A26A-D0BF9C636213\knsyA8A7.tmpfs [X]
R1 ppfd_vt_1_10_0_21; system32\drivers\ppfd_vt_1_10_0_21.sys [X]
S2 UPKernel; \??\C:\Program Files (x86)\UPCleaner\0.9.30.12075\UPKernel64.sys [X]
2015-09-25 01:37 - 2015-09-25 01:38 - 00000000 ____D C:\Users\Zeynep\AppData\Roaming\cpuminer
2015-09-25 01:37 - 2015-09-25 01:37 - 00000000 ____D C:\Program Files (x86)\WordShark_1.10.0.20
2015-09-25 01:12 - 2015-09-25 01:12 - 00000000 ____D C:\Program Files (x86)\predm
2015-09-25 01:08 - 2015-09-25 01:08 - 00000000 ____D C:\Program Files (x86)\Crossbrowse
2015-09-25 01:06 - 2015-09-25 01:11 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-09-25 01:06 - 2015-09-25 01:06 - 00000000 ____D C:\Users\Zeynep\AppData\Local\globalUpdate
2015-09-25 01:06 - 2015-09-25 01:06 - 00000000 ____D C:\Users\Zeynep\AppData\Local\DBD75D78-1443143212-E411-A26A-D0BF9C636213
2015-09-25 01:06 - 2015-09-25 01:06 - 00000000 ____D C:\Program Files (x86)\DBD75D78-1443132373-E411-A26A-D0BF9C636213
2015-09-25 01:05 - 2015-09-25 01:05 - 00000000 ____D C:\Program Files (x86)\RayDld
2015-09-25 01:05 - 2015-09-25 01:05 - 00000000 ____D C:\Program Files (x86)\mbot_tr_014010091
2015-09-23 03:35 - 2015-09-23 03:35 - 01423680 _____ C:\Windows\system32\cpm.exe
2015-09-22 14:33 - 2015-09-25 01:47 - 00000000 ____D C:\Program Files (x86)\Feed Notifier
2015-09-22 14:20 - 2015-09-25 01:06 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-09-22 14:20 - 2015-09-22 14:26 - 00000000 ____D C:\Program Files (x86)\UPCleaner
2015-09-22 14:19 - 2015-09-22 14:25 - 00000000 ____D C:\Users\Zeynep\AppData\Roaming\Opera Software
2015-09-22 14:19 - 2015-09-22 14:25 - 00000000 ____D C:\Users\Zeynep\AppData\Local\Opera Software
Task: {04CAEC83-9BF8-41FB-97B9-A1791F97F5D6} - System32\Tasks\xe7O7BqCo7vZODk => C:\Users\Zeynep\AppData\Roaming\xe7O7BqCo7vZODk.exe [2015-04-20] () <==== ATTENTION
C:\Users\Zeynep\AppData\Roaming\xe7O7BqCo7vZODk.exe
Task: {2A7021DC-601D-4983-9984-227FD343C109} - System32\Tasks\AutoPico Daily Restart => C:\Users\Zeynep\AppData\Local\Temp\7ZipSfx.001\AutoPico.exe <==== ATTENTION
C:\Users\Zeynep\AppData\Local\Temp\7ZipSfx.001\AutoPico.exe
Task: {8FB4F00E-273D-4231-B4F6-EAFC156B28BA} - System32\Tasks\WordShark Auto Updater 1.10.0.20 Pending Update => C:\Program Files (x86)\WordShark_1.10.0.20\Update\WordSharkAutoUpdateClient.exe [2015-07-06] (WS) <==== ATTENTION
Task: {987AF30A-9600-4AE3-9F0F-389FA6D12C4E} - System32\Tasks\WordShark Auto Updater 1.10.0.20 Core => C:\Program Files (x86)\WordShark_1.10.0.20\Update\WordSharkAutoUpdateClient.exe [2015-07-06] (WS) <==== ATTENTION
Task: C:\Windows\Tasks\xe7O7BqCo7vZODk.job => C:\Users\Zeynep\AppData\Roaming\xe7O7BqCo7vZODk.exe <==== ATTENTION
C:\Users\Zeynep\AppData\Roaming\xe7O7BqCo7vZODk.exe
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
 
Please re-run FRST from the desktop (like you did before), put a check into the box next to Addition.txt and press the scan button. It will produce FRST.txt and Addition.txt logs located on the desktop. Please copy and paste the logs into your next reply.
 
xXToffeeXx~


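The fixlists in posts #4 and #8 mix several kinds of entries: Run-key autostarts, services and drivers, scheduled tasks, policy restrictions, browser settings and plain paths. The following is an added example, not part of the thread and not FRST's own code: a small Python triage that groups such lines by persistence mechanism and surfaces the markers visible in them. The category and flag names are labels chosen here, and reading `[X]` as "target file not found" is an assumption.

```python
import re
from collections import Counter, namedtuple

# Entries 1-8 are copied from the fixlists posted in this thread; the last
# line is constructed (placeholder GUID and URL) to exercise the browser rule.
SAMPLE = r"""
HKLM\...\Run: [gpuminer] => C:\Users\Zeynep\AppData\Roaming\cpuminer\sgminer\start.cmd [214 2015-08-21] ()
HKLM\...\Run: [cpuminer] => C:\Windows\system32\cpm.exe [1423640 2015-09-18] ()
S2 gyvixodu; C:\Program Files (x86)\DBD75D78-1443132373-E411-A26A-D0BF9C636213\hnsyD7E9.tmp [203776 2015-09-25] () [File not signed]
R1 ppfd_vt_1_10_0_21; system32\drivers\ppfd_vt_1_10_0_21.sys [X]
Task: {2A7021DC-601D-4983-9984-227FD343C109} - System32\Tasks\AutoPico Daily Restart => C:\Users\Zeynep\AppData\Local\Temp\7ZipSfx.001\AutoPico.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
C:\Windows\system32\cpm.exe
2015-09-25 01:05 - 2015-09-25 01:05 - 00000000 ____D C:\Program Files (x86)\RayDld
SearchScopes: HKLM -> DefaultScope {00000000-0000-0000-0000-000000000000} URL = hxxp://search.example.invalid/?q={searchTerms}
"""

Entry = namedtuple("Entry", "kind target flags raw")

# Category labels are this example's own; the first matching rule wins.
KINDS = [
    ("service_or_driver", re.compile(r"^[RS]\d \S+; ")),
    ("scheduled_task", re.compile(r"^Task: ")),
    ("run_key", re.compile(r"^HK[^:]*\\Run(?:Once)?: \[")),
    ("policy", re.compile(r"\\Policies\\")),
    ("browser_setting",
     re.compile(r"^(?:SearchScopes:|FF Homepage:)|Internet Explorer\\Main,")),
    ("created_item", re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - ")),
    ("path", re.compile(r"^[A-Za-z]:\\")),
]
# Trailing annotations after a target: [size date], [X], [File not signed], <== ATTENTION
ANNOT = re.compile(r" \[(?:\d|X\]|File )| <=+ ")
URL = re.compile(r"h(?:xx|tt)ps?://\S+")


def _target(kind, line):
    """Return the file path or URL the entry points at, or '' if it has none."""
    if kind == "browser_setting":
        m = URL.search(line)
        return m.group(0) if m else ""
    if kind == "created_item":
        return line.split(" ", 8)[-1]  # path follows the two dates, size, attributes
    if kind == "path":
        return line
    if " => " in line:
        rest = line.split(" => ", 1)[1]
    elif kind == "service_or_driver":
        rest = line.split("; ", 1)[1]
    else:
        return ""
    return ANNOT.split(" " + rest, maxsplit=1)[0].strip().strip('"')


def _flags(line, target):
    flags = []
    if "[X]" in line:  # assumption: the target file was not found on disk
        flags.append("missing_file")
    if "[File not signed]" in line:
        flags.append("unsigned")
    if "ATTENTION" in line:
        flags.append("attention")
    if re.search(r"\] \(\)", line):  # empty company field, compare "(WS)"
        flags.append("no_company")
    if re.search(r"\\(AppData|Temp)\\", target, re.I):
        flags.append("user_writable")  # launched from a per-user writable folder
    return flags


def triage(text):
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        kind = next((k for k, rx in KINDS if rx.search(line)), "other")
        target = _target(kind, line)
        entries.append(Entry(kind, target, _flags(line, target), line))
    return entries


def review_first(entries):
    """Entries carrying at least one marker, most markers first."""
    return sorted((e for e in entries if e.flags), key=lambda e: -len(e.flags))


if __name__ == "__main__":
    found = triage(SAMPLE)
    print(dict(Counter(e.kind for e in found)))
    for e in review_first(found):
        print(f"{e.kind:18} {','.join(e.flags):26} {e.target or e.raw}")
```

The output is a reading aid for a log, not a verdict: an entry with no markers can still be unwanted, and a flagged one can be legitimate.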


#9 Gemma*


Posted 25 September 2015 - 10:57 AM

Hi :hello:

 

Okay, I won't do anything. :mellow:

 

Attached File  Fixlog.txt   13.1KB   1 downloads

 

Attached File  FRST.txt   252.56KB   1 downloads

Attached File  Addition.txt   23.32KB   1 downloads



#10 xXToffeeXx


Posted 25 September 2015 - 11:19 AM

Hi Gemma*,
 
Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

--------------
 
This scan can take a long time, so it is best done overnight or when you do not need the computer
 
I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Emsisoft log
  • ESET log

xXToffeeXx~




#11 Gemma*


Posted 25 September 2015 - 03:06 PM

Hi :hello:

 

Attached File  ESETScan.txt   12.58KB   2 downloads

Attached File  scan_150925-214832.txt   14.96KB   3 downloads



#12 xXToffeeXx


Posted 25 September 2015 - 03:24 PM

Hi Gemma*,
 
How is your system working now?
 
xXToffeeXx~




#13 Gemma*


Posted 25 September 2015 - 03:52 PM

Hi :hello:

 

I think it is working very well. Thank you so much. :rolleyes:

 

I must ask something. How do I find safe torrent links for movies, games and programs?



#14 xXToffeeXx


Posted 26 September 2015 - 04:15 AM

Hi Gemma*,

 

It would be best if you didn't torrent, however whenever you download an executable (.exe) you should scan it on Virustotal.

Also, I recommend downloading and installing an antivirus; Bitdefender is a good free one, however it has quite a few false positives and collects quite a lot of information about you. Avast is also a good free one, however they bundle Google Chrome/Dropbox on their installer and the antivirus is quite bloated.

 

xXToffeeXx~




#15 Gemma*


Posted 26 September 2015 - 05:50 AM

Hi :hello:

 

Okay, thank you. *-* I installed Bitdefender. And I added VirusTotal to my bookmarks; before downloading I will scan.





